* encrypt the input message with the cipher, and format the type, sequence
* number, IV, and ciphertext as follows.
*
- * +------+ +------+---...---+------...------+
- * | type | | seq | iv | ciphertext |
- * +------+ +------+---...---+------...------+
- * 32 32 blksz sz
+ * +--------+ +--------+---...---+------...------+
+ * | type | | seq | iv | ciphertext |
+ * +--------+ +--------+---...---+------...------+
+ * 32 32 blksz sz
*
* All of this is fed into the MAC to compute a tag. The type is not
* transmitted: the other end knows what type of message it expects, and the
* kind of ciphertext has been substituted. The tag is prepended to the
* remainder, to yield the finished cryptogram, as follows.
*
- * +---...---+------+---...---+------...------+
- * | tag | seq | iv | ciphertext |
- * +---...---+------+---...---+------...------+
- * tagsz 32 blksz sz
+ * +---...---+--------+---...---+------...------+
+ * | tag | seq | iv | ciphertext |
+ * +---...---+--------+---...---+------...------+
+ * tagsz 32 blksz sz
*
* Decryption: checks the overall size, verifies the tag, then decrypts the
* ciphertext and extracts the sequence number.
*
* So, a MAC is computed over
*
- * +------+ +------+------...------+
- * | type | | seq | ciphertext |
- * +------+ +------+------...------+
- * 32 32 sz
+ * +--------+ +--------+------...------+
+ * | type | | seq | ciphertext |
+ * +--------+ +--------+------...------+
+ * 32 32 sz
*
* and we actually transmit the following as the cryptogram.
*
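Review bot: the width row under each diagram in this comment (`32 32 blksz sz`, `tagsz 32 blksz sz`, `32 32 sz`) puts the literal 32 beside blksz, tagsz and sz without stating a unit for any of them. Since these rows are being re-laid-out anyway, add one line saying which widths are in bits and which are in bytes, so the packet layout can be read without consulting the code.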
* Catacomb's current AEAD schemes are suitable.) The low 32 bits are the
* sequence number, and the high 32 bits are the type, both big-endian.
*
- * +------+------+
- * | seq | type |
- * +------+------+
- * 32 32
+ * +--------+--------+
+ * | seq | type |
+ * +--------+--------+
+ * 32 32
*
* The ciphertext is formatted as
*
- * +---...---+------+------...------+
- * | tag | seq | ciphertext |
- * +---...---+------+------...------+
- * tagsz 32 sz
+ * +---...---+--------+------...------+
+ * | tag | seq | ciphertext |
+ * +---...---+--------+------...------+
+ * tagsz 32 sz
*
*/
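Review bot: the nonce diagram draws `seq` on the left and `type` on the right, while the sentence above it says the low 32 bits are the sequence number and the high 32 bits are the type, both big-endian; a reader cannot tell from this which field comes first in the nonce bytes. Add a line stating whether the diagram is in byte order or in significance order. The same sentence and diagram appear in the Salsa20/ChaCha comment further down, so the clarification is needed there as well.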
p = key_getattr(kf, k, "tagsz");
if (!p) {
p = key_getattr(kf, k, "mac");
- if (strncmp(p, "aead", 4) != 0 || (p[4] && p[4] != '/')) {
- a_format(e, "unknown-mac", "%s", p, A_END);
- goto fail;
- }
- if (p[4] == '/') p += 5;
+ if (!p) ;
+ else if (strncmp(p, "aead", 4) != 0 || (p[4] && p[4] != '/'))
+ { a_format(e, "unknown-mac", "%s", p, A_END); goto fail; }
+ else if (p[4] == '/') p += 5;
else p = 0;
}
if (!p)
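Review bot: in the `else if (p[4] == '/') p += 5;` branch, a `mac` attribute of exactly `aead/` leaves `p` pointing at an empty string, and nothing in these lines shows that case being rejected; please confirm that the tag-size handling after `if (!p)` reports an error for it rather than treating it as a size. Separately, the bare `if (!p) ;` reads like a stray semicolon. A short comment saying that a missing `mac` attribute deliberately falls through to the default below would make the intent clear, and would also make it obvious that the unchanged `else p = 0;` now ends the new chain.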
* Salsa20 and ChaCha accept a 64-bit nonce. The low 32 bits are the
* sequence number, and the high 32 bits are the type, both big-endian.
*
- * +------+------+
- * | seq | type |
- * +------+------+
- * 32 32
+ * +--------+--------+
+ * | seq | type |
+ * +--------+--------+
+ * 32 32
*
* A stream is generated by concatenating the raw output blocks generated
* with this nonce and successive counter values starting from zero. The